|
|
Subscribe / Log in / New account

Ubuntu alert USN-7168-1 (editorconfig-core)



From:
              Noam Nedelec-Salmon <noam.nedelecsalmon@canonical.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7168-1] EditorConfig vulnerabilities


Date:
              Wed, 18 Dec 2024 12:02:42 +0100


Message-ID:
              <64119b1a-d5dc-462a-a95e-be241e0cfc67@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7168-1
December 18, 2024

editorconfig-core vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

EditorConfig could be made to crash or run programs as your login if it
received specially crafted input.

Software Description:
- editorconfig-core: coding style indenter for all editors

Details:

It was discovered that EditorConfig improperly managed memory when handling
certain inputs, leading to overflows. An attacker could possibly use these
issues to cause a denial of service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
editorconfig 0.12.5-2ubuntu0.1~esm2
Available with Ubuntu Pro
libeditorconfig0 0.12.5-2ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
editorconfig 0.12.1-1.1+deb11u1build0.20.04.1
libeditorconfig0 0.12.1-1.1+deb11u1build0.20.04.1

Ubuntu 18.04 LTS
editorconfig 0.12.1-1.1ubuntu0.18.04.1~esm2
Available with Ubuntu Pro
libeditorconfig0 0.12.1-1.1ubuntu0.18.04.1~esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
editorconfig 0.12.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
libeditorconfig0 0.12.0-2ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7168-1
CVE-2023-0341, CVE-2024-53849

Package Information:
https://launchpad.net/ubuntu/+source/editorconfig-core/0....






Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEio4S3x96YxGyKsfkNfzInf03kcEFAmdiq9IFAwAAAAAACgkQNfzInf03kcHv
cw/+NXHWmY8StKmuudfQPZuOtmVCKd2hN8McKPmI+GSD1uafmjfq36fEGCVWu8+F1K5lp1F1HxKM
5oxv8eR2nRBBb8R2paB3PGGoVViLSiHc/5iTP9Ss6VrJaZ2Lv/olKNxKeT/19d/MYVPw+95QMd6K
Bo0sWGkWAX30UupucRkzJOQPpQ5m6Y5n2Be2yY3fBEqscLXK5BMudz2QGV7NeeRpqTcLmpmLtCd8
9xfHJR4Py+JESalRRe74cYF/FFvrp/7c4dW+wFd3dpwnfZcuqdcCJsWrmaFfJGSAU5p3DWqdvkwQ
zErjhtEu6+6NrzONy/f6LtTtmLBkY5R6tCsBOgAJyd0p0xPKE2iTclFzIcWFOqZncsSqyCms81JU
iNwoLdJpCSPfw3osSTQQkMQQ+xF+3n4WUOhu3l6jQoOBjh6qtrsTqoL1CW1dO1BO7UjHqfLfR8dY
MMXucYmM1+dqIO6HD7D9uH+fEy6JglF8ASoO3M4QaN4+1oJ10qOgeb2E5/0ih4XYWXfuWaT7cmgp
jeAAH1V/qxgEXPcYBBL25rhbtZrjouwlTj853682H+ngHoQch7r9cFJDxbkn7KOBuycsM18rqaj8
bjn3i4hgu8GXabKPRmOB4bP7tARKKHndj24vHrofFCOkMzJO7EmM05R/MhrLwG4oUWz4bBeK3Pof
WjU=
=xHga
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds